"The latest update of the Locky ransomware as of December 5, 2016 has brought about a couple of changes to the way this infection manifests itself. The most conspicuous tweak has to do with the new .osiris extension that the perpetrating program affixes to filenames. The threat actors have apparently switched from using Norse mythology to an Egyptian naming theme. The primary attack vector underwent an alteration as well. The payload for Osiris ransomware is delivered with spam emails that contain a malware-tainted .xls file on board. When a user opens this spreadsheet, it turns out blank. The document displays a prompt instructing the victim to “enable content”, which actually translates to activating Microsoft Excel macros. Then, the infection exploits macros to execute the .osiris file ransomware on the targeted computer."